mirror of https://github.com/mkerrisk/man-pages
user_namespaces.7: Clarify that rules for writing to map files also apply to gid_map
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 0f069d0c69
commit 1b3d5347f5
|
@ -278,13 +278,17 @@ file of
|
|||
of the process in the namespace may be written to
|
||||
.I once
|
||||
to define the mapping of user IDs in the new user namespace.
|
||||
(An attempt to write more than once to a
|
||||
An attempt to write more than once to a
|
||||
.I uid_map
|
||||
file in a user namespace fails with the error
|
||||
.BR EPERM .)
|
||||
.BR EPERM .
|
||||
Similar rules apply for
|
||||
.I gid_map
|
||||
files.
|
||||
|
||||
The lines written to
|
||||
.IR uid_map
|
||||
.RI ( gid_map )
|
||||
must conform to the following rules:
|
||||
.IP * 3
|
||||
The three fields must be valid numbers,
|
||||
|
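Review bot: `.IR uid_map` in the "The lines written to" sentence takes a single argument, so it should be `.I uid_map`, matching the `.I uid_map` and `.I gid_map` requests earlier in this hunk; `.IR` is meant for alternating italic and roman arguments. Separately, "Similar rules apply for gid_map files" leaves the reader to infer that both the write-once restriction and the EPERM failure carry over. "Apply to" reads better, and stating outright that a second write to gid_map fails with EPERM would remove the guesswork.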
@ -305,7 +309,8 @@ and
|
|||
.BR pwrite (2)
|
||||
can't be used to write to nonzero offsets in the file).
|
||||
.IP *
|
||||
The range of user IDs specified in each line cannot overlap with the ranges
|
||||
The range of user IDs (group IDs)
|
||||
specified in each line cannot overlap with the ranges
|
||||
in any other lines.
|
||||
In the current implementation (Linux 3.8), this requirement is
|
||||
satisfied by a simplistic implementation that imposes the further
|
||||
|
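Review bot: in the overlap rule, "The range of user IDs (group IDs)" can be read as an apposition rather than as "group IDs when the file is gid_map", and nothing in this item ties the parenthesis to the file being written. Wording such as "The range of user IDs (or, for gid_map, group IDs) specified in each line" would make the scope explicit; the same applies wherever the "(group IDs)" shorthand is reused in this list.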
@ -313,6 +318,9 @@ requirement that
|
|||
the values in both field 1 and field 2 of successive lines must be
|
||||
in ascending numerical order.
|
||||
.IP *
|
||||
The mapped user IDs (group IDs) must in turn have a mapping
|
||||
in the parent user namespace.
|
||||
.IP *
|
||||
At least one line must be written to the file.
|
||||
.PP
|
||||
Writes that violate the above rules fail with the error
|
||||
|
|
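Review bot: the new item "The mapped user IDs (group IDs) must in turn have a mapping in the parent user namespace" sits inside the list that the following paragraph covers with "Writes that violate the above rules fail with the error", so it now claims the same errno as the format and overlap rules. Please confirm that a write naming an ID with no parent mapping actually fails with that error; if the kernel reports it differently, the item belongs in its own paragraph with its own error. It would also help to say which field "mapped user IDs" refers to, since the preceding items speak of field 1 and field 2.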